1. Field of the Invention
The present invention relates generally to computer technology and is concerned with the use of smart cards that can be used to execute programs stored on the cards as a trusted platform. This invention relates to both hardware and software.
2. Background Art
A smart card is the size of a conventional credit card, and contains an electronic microchip. The chip stores electronic data and programs that are protected by security features. There are two types of smart cards, contact and contactless cards. Contact smart cards must be used in conjunction with a smart card reader. When the smart card is inserted into a smart card reader, the reader makes contact with a small gold plate about 0.5 inches in diameter on the front of the card, through which data is transferred to and from the chip. Contactless smart cards are passed near an antenna to carry out a transaction. They have an electronic microchip and an antenna embedded inside. These components allow the card to communicate with an antenna/coupler unit without physical contact.
The size of the card is determined by international standard ISO (International Standards Organization) 7810. The ISO 7810 standard defines the physical characteristics of the card, including position of the electrical contacts and how the microchip communicates with the outside world. A number of standards have also been defined for specific applications, including digital cell phones, credit card functions and electronic purses. The implementation of Java™ on smart cards is also the subject of ongoing standardization work (Javacard version 1 and 2).
There are different types of security mechanisms used in smart cards. Access to the information contained in a smart card is controlled to limit who can access the information (everybody, the card holder or a specific third party) and how can the information be accessed (read only, added to, modified or erased). With regard to access, some smart cards require no password and anyone holding the card can have access. Others limit access to the cardholder only, typically by the use of a password in the form of a PIN (Personal Identification Number) number. If an unauthorized individual tries to use the card, it will lock-up after several unsuccessful attempts to present the correct PIN code. Some smart cards can only be accessed by the party who issued them, as in the case of an electronic purse that can only be reloaded by the issuing bank. Information on a smart card can be divided into information that can only be read, information that can only be added, information that can only be updated and information with no access available.
A smart card can restrict the use of information to an authorized person with a password. However, if this information is then transmitted by radio or telephone, additional protection is necessary. One form of protection is encryption or the use of a code. Some smart cards are capable of encryption and decryption so the stored information can be transmitted without compromising confidentiality. This authentication process ensures only genuine cards are used and makes eaves-dropping more difficult.
Some smart cards, with microprocessors and memory, have the ability to execute customized application programs. For such applications, the security of the card and its tamper resistance are of great concern. Smart cards can be used to provide additional security for applications by providing a secure tamper resistant store (or storage area) for data. Issuers of smart cards want to use the smart card memory for execution of programs because the smart card is a trusted environment.
One of the limitations of smart cards arises from their limited memory capacity. Current cards typically only have a few thousand bits of memory for user applications. Consequently, applications running on smart cards always tend to run out of memory. There is a need for a way to extend the memory availability of smart cards to accommodate various applications.